install_postfix_advanced.sh: chenge settings for smtpd Restrictions.
This commit is contained in:
parent
2201dad20f
commit
f005ee55f8
@ -1024,10 +1024,10 @@ virtual_alias_maps =
|
||||
virtual_alias_domains =
|
||||
|
||||
|
||||
#======= Restrictions ============
|
||||
#======= smtpd Restrictions ============
|
||||
|
||||
## ---
|
||||
## - Define restrictions
|
||||
## - Define smtpd Restrictions
|
||||
## ---
|
||||
|
||||
smtpd_restriction_classes = check_greylist
|
||||
@ -1035,7 +1035,7 @@ check_greylist = check_policy_service inet:127.0.0.1:10023
|
||||
|
||||
|
||||
## ---
|
||||
## - Recipient restrictions
|
||||
## - smtpd Recipient Restrictions
|
||||
## ---
|
||||
|
||||
smtpd_recipient_restrictions =
|
||||
@ -1052,19 +1052,60 @@ smtpd_recipient_restrictions =
|
||||
reject_non_fqdn_sender,
|
||||
reject_non_fqdn_recipient,
|
||||
reject_unknown_sender_domain,
|
||||
reject_unknown_recipient_domain,
|
||||
reject_unlisted_recipient,
|
||||
# don't accept misconfigured recipients
|
||||
reject_unknown_recipient_domain,
|
||||
# Reject the request when the RCPT TO address is not listed in the list of valid
|
||||
# recipients for its domain class. See the smtpd_reject_unlisted_recipient
|
||||
# parameter description for details.
|
||||
#
|
||||
# smtpd_reject_unlisted_recipient (default: yes)
|
||||
#
|
||||
# Request that the Postfix SMTP server rejects mail for unknown recipient addresses,
|
||||
# even when no explicit reject_unlisted_recipient access restriction is specified.
|
||||
# This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages.
|
||||
#
|
||||
# An address is always considered "known" when it matches a virtual(5) alias or
|
||||
# a canonical(5) mapping.
|
||||
# - The recipient domain matches \$mydestination, \$inet_interfaces or \$proxy_interfaces,
|
||||
# but the recipient is not listed in \$local_recipient_maps, and \$local_recipient_maps
|
||||
# is not null.
|
||||
# - The recipient domain matches \$virtual_alias_domains but the recipient is not listed
|
||||
# in \$virtual_alias_maps.
|
||||
# - The recipient domain matches \$virtual_mailbox_domains but the recipient is not
|
||||
# listed in \$virtual_mailbox_maps, and \$virtual_mailbox_maps is not null.
|
||||
# - The recipient domain matches \$relay_domains but the recipient is not listed in
|
||||
# \$relay_recipient_maps, and \$relay_recipient_maps is not null.
|
||||
#
|
||||
reject_unlisted_recipient,
|
||||
# reject_unauth_destination
|
||||
#
|
||||
# Reject the request unless one of the following is true:
|
||||
#
|
||||
# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
|
||||
# or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
|
||||
#
|
||||
#
|
||||
# - Postfix is the final destination: the resolved RCPT TO domain matches
|
||||
# \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains,
|
||||
# or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
|
||||
#
|
||||
# Note:
|
||||
# reject_unauth_destination is not needed here if the mail
|
||||
# relay policy is specified under smtpd_relay_restrictions
|
||||
# (available with Postfix 2.10 and later).
|
||||
#reject_unauth_destination,
|
||||
# Reject the request when mail to the RCPT TO address is known to bounce, or when the
|
||||
# recipient address destination is not reachable. Address verification information is
|
||||
# managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
|
||||
# for more details
|
||||
reject_unverified_recipient,
|
||||
# RBL check - !! comment out if postcreens postscreen_dnsbl_sites is in use
|
||||
# Whitelist (configured on a.ns.oopen.de
|
||||
# in /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone )
|
||||
# Whitelist (configured at a.ns.oopen.de)
|
||||
permit_dnswl_client dnswl.oopen.de,
|
||||
# Blacklists
|
||||
reject_rbl_client zen.spamhaus.org,
|
||||
reject_rbl_client ix.dnsbl.manitu.net,
|
||||
#reject_rbl_client bl.spamcop.net,
|
||||
# March 1, 2013: NJABL is in the process of being shut down
|
||||
#reject_rbl_client dnsbl.njabl.org,
|
||||
# Policyd-Weight
|
||||
#check_policy_service inet:127.0.0.1:12525,
|
||||
# Greylisting check
|
||||
@ -1079,29 +1120,16 @@ smtpd_recipient_restrictions =
|
||||
#
|
||||
# selctive greylisting:
|
||||
# check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
#
|
||||
#warn_if_reject,
|
||||
check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
# Reject the request unless one of the following is true:
|
||||
#
|
||||
# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
|
||||
# or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
|
||||
#
|
||||
#
|
||||
# - Postfix is the final destination: the resolved RCPT TO domain matches
|
||||
# \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains,
|
||||
# or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
|
||||
reject_unverified_recipient,
|
||||
# permit Backup MX
|
||||
permit_mx_backup,
|
||||
# forbid all other relaying
|
||||
reject_unauth_destination,
|
||||
# permit, if all restrictions so far passed
|
||||
permit
|
||||
|
||||
|
||||
## ---
|
||||
## - Relay Restrictions (since version 2.11)
|
||||
## - smtpd Relay Restrictions (since version 2.11)
|
||||
## ---
|
||||
|
||||
smtpd_relay_restrictions =
|
||||
@ -1118,50 +1146,24 @@ smtpd_relay_restrictions =
|
||||
reject_non_fqdn_sender,
|
||||
reject_non_fqdn_recipient,
|
||||
reject_unknown_sender_domain,
|
||||
reject_unknown_recipient_domain,
|
||||
reject_unlisted_recipient,
|
||||
# don't accept misconfigured recipients
|
||||
# RBL check - !! comment out if postcreens postscreen_dnsbl_sites is in use
|
||||
# Whitelist (configured on a.ns.oopen.de
|
||||
# in /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone )
|
||||
permit_dnswl_client dnswl.oopen.de,
|
||||
# Blacklists
|
||||
reject_rbl_client zen.spamhaus.org,
|
||||
reject_rbl_client ix.dnsbl.manitu.net,
|
||||
#reject_rbl_client bl.spamcop.net,
|
||||
# March 1, 2013: NJABL is in the process of being shut down
|
||||
#reject_rbl_client dnsbl.njabl.org,
|
||||
# Policyd-Weight
|
||||
#check_policy_service inet:127.0.0.1:12525,
|
||||
# Greylisting with postgrey
|
||||
#
|
||||
# check_policy_service inet:127.0.0.1:10023,
|
||||
#
|
||||
#
|
||||
# Using defined restriction class (see 'smtpd_restriction_classes'):
|
||||
#
|
||||
# greylist all connections:
|
||||
# check_greylist,
|
||||
#
|
||||
# selctive greylisting:
|
||||
# check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
#
|
||||
#warn_if_reject,
|
||||
check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
reject_unknown_recipient_domain,
|
||||
# Reject the request unless one of the following is true:
|
||||
#
|
||||
# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
|
||||
# or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
|
||||
#
|
||||
#
|
||||
# - Postfix is the final destination: the resolved RCPT TO domain matches
|
||||
# \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains,
|
||||
# or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
|
||||
reject_unauth_destination,
|
||||
# Reject the request when mail to the RCPT TO address is known to bounce, or when the
|
||||
# recipient address destination is not reachable. Address verification information is
|
||||
# managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
|
||||
# for more details
|
||||
reject_unverified_recipient,
|
||||
# permit Backup MX
|
||||
permit_mx_backup,
|
||||
# forbid all other relaying
|
||||
reject_unauth_destination,
|
||||
# permit, if all restrictions so far passed
|
||||
permit
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user